Original motivation was tiresome warnings about Lua 5.4 not being
supported yet.
Can still be handy to tweak log level, e.g. to prevent logging to
interfere with command output.
Probably worked anyway but settings might not always have been applied
depending on what order things happens in.
Error was hidden by the pcall, which was sorta intentional...
When there are no records to return the return value from dns.lookup()
might be nil or might be a table containing zero records, depending on
which DNS library is used
The Lua string.format %q doesn't behave correctly for all characters
that should be escaped in a quoted-string. And who knows what effects
higher Unicode might have here.
Applying percent-encoding of filenames seems like the safest way to deal
with filenames, as well as being easier than implementing the actual
quoted-string transform, which seems complicated and I'm not even sure
it covers every possible character.
Filenames can safely be assumed to be UTF-8 since they are passed in an
attribute in the query without any escaping.
Fixes that a multi-line string ended up "like\
\9this" instead of "like\nthis" as can be demonstrated by somehow
initiating a connection to a HTTP server.
Shortest first, then alphabetically, so that it prefers the base domain
over subdomains.
Fixes that it might otherwise pick a random sub-domain for filename on
each run, cluttering the certs directory and potentially tricking
Prosody into using an older certificate that might be about to expire.
Relevant and sometimes needed for Direct TLS which mod_s2s uses this
context for. Primarily when e.g. mod_net_multiplex or equivalent ALPN
based dispatch is used.
All these contexts should likely move away from mod_tls and into either
mod_s2s or portmanager. The later already duplicates some of this work.
As in the argument to user:create() and user:roles()
Tricky to come up with something sensible to write when Prosody core
only knows of the 'prosody:admin' role so far.
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.
A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
Makes it faster by cutting out the roundtrips involved in <starttls/>,
at the cost of making an additional SRV lookup.
Since we already ignore a missing <starttls/> offer and try anyway there
is not much difference in security. The fact that XMPP is used and the
hostnames involved might still be visible until the future Encrypted
ClientHello extension allows hiding those too.
Only allowing it to be passed directly makes it hard to combine plain
(i.e. starttls) and Direct TLS connections in the same connection
resolution procedure. But now we can, using chained resolvers!
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
This tool hasn't been updated for recent XEP-0227 changes, hasn't seen
many changes at all since its introduction and I don't remember anyone
mentioning ever using it.
Using mod_storage_xmlarchive and the migrator or the 3rd party
mod_migrate tool should work better these days and should be the way
forward.
Allows overriding settings via the global 'ssl' settings as before.
This order was probably accidental. That said, 'ssl' is a giant footgun
we will want to discourage use of.
